vacp2p
/
nim-libp2p
mirror of https://github.com/vacp2p/nim-libp2p.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: move connection handling logic to base class

This commit is contained in:
Dmitriy Ryajov 2020-02-24 23:06:57 -06:00
parent 871d8d7478
commit 9aa9e97602
3 changed files with 96 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
libp2p/protocols/secure/secio.nim
View File

@ -10,6 +10,7 @@ import options
import chronos, chronicles import chronos, chronicles
import nimcrypto/[sysrand, hmac, sha2, sha, hash, rijndael, twofish, bcmode] import nimcrypto/[sysrand, hmac, sha2, sha, hash, rijndael, twofish, bcmode]
import secure, import secure,
secureconn,
../../connection, ../../connection,
../../peerinfo, ../../peerinfo,
../../stream/lpstream, ../../stream/lpstream,
@ -62,7 +63,7 @@ type
of SecureMacType.Sha1: of SecureMacType.Sha1:
ctxsha1: HMAC[sha1] ctxsha1: HMAC[sha1]
SecureConnection = ref object of Connection SecioConn = ref object of SecureConn
writerMac: SecureMac writerMac: SecureMac
readerMac: SecureMac readerMac: SecureMac
writerCoder: SecureCipher writerCoder: SecureCipher
@ -149,7 +150,7 @@ proc decrypt(cipher: var SecureCipher, input: openarray[byte],
of SecureCipherType.Twofish: of SecureCipherType.Twofish:
cipher.ctxtwofish256.decrypt(input, output) cipher.ctxtwofish256.decrypt(input, output)
proc macCheckAndDecode(sconn: SecureConnection, data: var seq[byte]): bool = proc macCheckAndDecode(sconn: SecioConn, data: var seq[byte]): bool =
## This procedure checks MAC of recieved message ``data`` and if message is ## This procedure checks MAC of recieved message ``data`` and if message is
## authenticated, then decrypt message. ## authenticated, then decrypt message.
## ##
@ -176,7 +177,7 @@ proc macCheckAndDecode(sconn: SecureConnection, data: var seq[byte]): bool =
data.setLen(mark) data.setLen(mark)
result = true result = true
proc readMessage(sconn: SecureConnection): Future[seq[byte]] {.async.} = method readMessage(sconn: SecioConn): Future[seq[byte]] {.async.} =
## Read message from channel secure connection ``sconn``. ## Read message from channel secure connection ``sconn``.
try: try:
var buf = newSeq[byte](4) var buf = newSeq[byte](4)
@ -201,7 +202,7 @@ proc readMessage(sconn: SecureConnection): Future[seq[byte]] {.async.} =
except AsyncStreamReadError: except AsyncStreamReadError:
trace "Error reading from connection" trace "Error reading from connection"
proc writeMessage(sconn: SecureConnection, message: seq[byte]) {.async.} = method writeMessage(sconn: SecioConn, message: seq[byte]) {.async.} =
## Write message ``message`` to secure connection ``sconn``. ## Write message ``message`` to secure connection ``sconn``.
let macsize = sconn.writerMac.sizeDigest() let macsize = sconn.writerMac.sizeDigest()
var msg = newSeq[byte](len(message) + 4 + macsize) var msg = newSeq[byte](len(message) + 4 + macsize)
@ -221,12 +222,12 @@ proc writeMessage(sconn: SecureConnection, message: seq[byte]) {.async.} =
except AsyncStreamWriteError: except AsyncStreamWriteError:
trace "Could not write to connection" trace "Could not write to connection"
proc newSecureConnection(conn: Connection, proc newSecioConn(conn: Connection,
hash: string, hash: string,
cipher: string, cipher: string,
secrets: Secret, secrets: Secret,
order: int, order: int,
remotePubKey: PublicKey): SecureConnection = remotePubKey: PublicKey): SecioConn =
## Create new secure connection, using specified hash algorithm ``hash``, ## Create new secure connection, using specified hash algorithm ``hash``,
## cipher algorithm ``cipher``, stretched keys ``secrets`` and order ## cipher algorithm ``cipher``, stretched keys ``secrets`` and order
## ``order``. ## ``order``.
@ -280,7 +281,7 @@ proc transactMessage(conn: Connection,
except AsyncStreamWriteError: except AsyncStreamWriteError:
trace "Could not write to connection", conn = $conn trace "Could not write to connection", conn = $conn
proc handshake(s: Secio, conn: Connection): Future[SecureConnection] {.async.} = method handshake*(s: Secio, conn: Connection): Future[SecureConn] {.async.} =
var var
localNonce: array[SecioNonceSize, byte] localNonce: array[SecioNonceSize, byte]
remoteNonce: seq[byte] remoteNonce: seq[byte]
@ -403,9 +404,10 @@ proc handshake(s: Secio, conn: Connection): Future[SecureConnection] {.async.} =
# Perform Nonce exchange over encrypted channel. # Perform Nonce exchange over encrypted channel.
result = newSecureConnection(conn, hash, cipher, keys, order, remotePubkey) var secioConn = newSecioConn(conn, hash, cipher, keys, order, remotePubkey)
await result.writeMessage(remoteNonce) result = secioConn
var res = await result.readMessage() await secioConn.writeMessage(remoteNonce)
var res = await secioConn.readMessage()
if res != @localNonce: if res != @localNonce:
trace "Nonce verification failed", receivedNonce = toHex(res), trace "Nonce verification failed", receivedNonce = toHex(res),
@ -414,52 +416,9 @@ proc handshake(s: Secio, conn: Connection): Future[SecureConnection] {.async.} =
else: else:
trace "Secure handshake succeeded" trace "Secure handshake succeeded"
proc readLoop(sconn: SecureConnection, stream: BufferStream) {.async.} =
try:
while not sconn.closed:
let msg = await sconn.readMessage()
if msg.len == 0:
trace "stream EOF"
return
await stream.pushTo(msg)
except CatchableError as exc:
trace "exception occurred SecureConnection.readLoop", exc = exc.msg
finally:
if not sconn.closed:
await sconn.close()
trace "ending secio readLoop", isclosed = sconn.closed()
proc handleConn(s: Secio, conn: Connection): Future[Connection] {.async, gcsafe.} =
var sconn = await s.handshake(conn)
proc writeHandler(data: seq[byte]) {.async, gcsafe.} =
trace "sending encrypted bytes", bytes = data.toHex()
await sconn.writeMessage(data)
var stream = newBufferStream(writeHandler)
asyncCheck readLoop(sconn, stream)
result = newConnection(stream)
result.closeEvent.wait()
.addCallback do (udata: pointer):
trace "wrapped connection closed, closing upstream"
if not isNil(sconn) and not sconn.closed:
asyncCheck sconn.close()
result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())
method init(s: Secio) {.gcsafe.} = method init(s: Secio) {.gcsafe.} =
proc handle(conn: Connection, proto: string) {.async, gcsafe.} = procCall Secure(s).init()
trace "handling connection"
try:
asyncCheck s.handleConn(conn)
trace "connection secured"
except CatchableError as exc:
if not conn.closed():
warn "securing connection failed", msg = exc.msg
await conn.close()
s.codec = SecioCodec s.codec = SecioCodec
s.handler = handle
method secure*(s: Secio, conn: Connection): Future[Connection] {.async, gcsafe.} = method secure*(s: Secio, conn: Connection): Future[Connection] {.async, gcsafe.} =
try: try:

62
libp2p/protocols/secure/secure.nim
View File

@ -7,14 +7,70 @@
## This file may not be copied, modified, or distributed except according to ## This file may not be copied, modified, or distributed except according to
## those terms. ## those terms.
import options
import chronos import chronos
import ../protocol, import chronicles
../../connection import secureconn,
../protocol,
../../stream/bufferstream,
../../crypto/crypto,
../../connection,
../../peerinfo
type type
Secure* = ref object of LPProtocol # base type for secure managers Secure* = ref object of LPProtocol # base type for secure managers
method secure*(p: Secure, conn: Connection): Future[Connection] {.base.} = method handshake(s: Secure, conn: Connection): Future[SecureConn] {.async, base.} =
doAssert(false, "Not implemented!")
proc readLoop(sconn: SecureConn, stream: BufferStream) {.async.} =
try:
while not sconn.closed:
let msg = await sconn.readMessage()
if msg.len == 0:
trace "stream EOF"
return
await stream.pushTo(msg)
except CatchableError as exc:
trace "exception occurred SecioConn.readLoop", exc = exc.msg
finally:
if not sconn.closed:
await sconn.close()
trace "ending secio readLoop", isclosed = sconn.closed()
method handleConn*(s: Secure, conn: Connection): Future[Connection] {.async, base, gcsafe.} =
var sconn = await s.handshake(conn)
proc writeHandler(data: seq[byte]) {.async, gcsafe.} =
trace "sending encrypted bytes", bytes = data.toHex()
await sconn.writeMessage(data)
var stream = newBufferStream(writeHandler)
asyncCheck readLoop(sconn, stream)
result = newConnection(stream)
result.closeEvent.wait()
.addCallback do (udata: pointer):
trace "wrapped connection closed, closing upstream"
if not isNil(sconn) and not sconn.closed:
asyncCheck sconn.close()
result.peerInfo = PeerInfo.init(sconn.peerInfo.publicKey.get())
method init*(s: Secure) {.gcsafe.} =
proc handle(conn: Connection, proto: string) {.async, gcsafe.} =
trace "handling connection"
try:
asyncCheck s.handleConn(conn)
trace "connection secured"
except CatchableError as exc:
if not conn.closed():
warn "securing connection failed", msg = exc.msg
await conn.close()
s.handler = handle
method secure*(p: Secure, conn: Connection): Future[Connection]
{.base, async, gcsafe.} =
## default implementation matches plaintext ## default implementation matches plaintext
var retFuture = newFuture[Connection]("secure.secure") var retFuture = newFuture[Connection]("secure.secure")
retFuture.complete(conn) retFuture.complete(conn)

20
libp2p/protocols/secure/secureconn.nim Normal file
View File

@ -0,0 +1,20 @@
## Nim-LibP2P
## Copyright (c) 2020 Status Research & Development GmbH
## Licensed under either of
## * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE))
## * MIT license ([LICENSE-MIT](LICENSE-MIT))
## at your option.
## This file may not be copied, modified, or distributed except according to
## those terms.
import chronos
import ../../connection
type
SecureConn* = ref object of Connection
method readMessage*(c: SecureConn): Future[seq[byte]] {.async, base.} =
doAssert(false, "Not implemented!")
method writeMessage*(c: SecureConn, data: seq[byte]) {.async, base.} =
doAssert(false, "Not implemented!")